MiniMax Vision Captcha
v1.0.0使用MiniMax视觉模型识别图片中的验证码、滑块位置、文字内容等。适用于需要AI视觉分析的场景,如微信验证码识别、网页截图分析、图片文字提取。当需要识别图片内容、分析验证码、提取截图信息时使用此技能。
⭐ 0· 1.1k·2 current·3 all-time
byNurmamat@ai-nurmamat
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, SKILL.md, and the included script all consistently implement an image/captcha recognition helper that calls a MiniMax visual MCP via mcporter and uses OpenClaw browser screenshots. The files and commands requested are coherent with the stated purpose.
Instruction Scope
Runtime instructions tell the agent to take screenshots and call mcporter.minimax-coding-plan.understand_image — that matches purpose. However the included script will automatically look in /root/.openclaw/media/browser for screenshots if none provided (accessing local user/root files), and it constructs a shell command by interpolating user-supplied prompt and imagePath directly into a single string passed to execSync. That creates a command-injection risk and means the skill can read and submit arbitrary local images to the MCP.
Install Mechanism
No install spec or remote downloads — the skill is instruction-only with a small local Node script. Nothing is fetched from arbitrary URLs during install, which lowers supply-chain risk.
Credentials
The skill declares no environment variables or credentials, but SKILL.md says 'ensure MiniMax MCP is configured' and the script uses mcporter. Credentials/config required to call the MCP are not documented in requires.env or marketplace.json — an omission that reduces transparency. No unrelated credentials are requested.
Persistence & Privilege
Skill is user-invocable, not always:true, and does not request elevated or persistent platform privileges nor modify other skills' configurations.
What to consider before installing
This skill appears to do what it claims (solve captchas using a MiniMax visual service) but you should be cautious before installing: 1) The included script runs a shell command via execSync with prompt and image path interpolated verbatim — this is vulnerable to command injection if those values include malicious characters. Prefer a version that calls mcporter with an argument array (spawn/execFile) or properly escapes inputs. 2) The script will read the latest PNG from /root/.openclaw/media/browser if no image is given; make sure you are comfortable with the skill accessing that directory and that no sensitive screenshots could be sent to the MCP. 3) SKILL.md mentions MiniMax MCP must be configured, but the skill does not declare what credentials or endpoints are required — verify how mcporter is configured and where image data will be sent. 4) The skill author/source is not clearly verified (marketplace.json lists an author/link but the package source/homepage are missing) — consider running in a sandbox, review or rewrite the script to sanitize inputs, and confirm compliance with any site/service terms (captcha bypassing can violate terms of service).Like a lobster shell, security has layers — review code before you run it.
captchalatestminimaxvision
Nurmamat@ai-nurmamat
DownloadMiniMax Vision Captcha Skill
使用MiniMax MCP的视觉理解能力识别图片中的内容,解决验证码、滑块分析等问题。
快速开始
1. 截图
使用OpenClaw浏览器截图:
browser action=screenshot targetId=<页面ID>
或使用OpenClaw的snapshot获取页面结构后分析。
2. 调用MiniMax视觉识别
mcporter call minimax-coding-plan.understand_image prompt="描述图片内容" image_source="/path/to/screenshot.png"
3. 分析结果
根据返回结果进行下一步操作。
典型使用场景
场景1:微信滑块验证码
- 访问微信页面,触发验证码
- 截图:
browser action=screenshot - 发送给视觉模型分析
- 获取滑块位置描述
场景2:图片文字识别
- 截图或获取图片路径
- 调用视觉模型识别文字
- 返回文字内容
场景3:网页元素分析
- 使用snapshot获取页面结构
- 分析特定元素的可见内容和属性
注意事项
- 确保MiniMax MCP已配置
- 图片路径需要是服务器可访问的绝对路径
- 滑块验证码需要描述缺口位置(左侧/右侧/距离)
依赖
- minimax-coding-plan MCP
- OpenClaw浏览器工具
Comments
Loading comments...